Link Search Menu Expand Document

Upgrading the Certdog Database

DO NOT PERFORM THIS STEP ON VERSIONS 1.17 OR LATER

Contact Krestfield Support if you are unsure whether this step needs to be carried out


These instructions relate to versions 1.16 and earlier and result in a newer database being installed

These steps MUST be carried out before upgrading from version 1.16 as all future versions utilise the later database formats


Pre-requisites

You will need the database admin password. This is the password that was entered when the server was first installed.


The database must use a TLS connection. Note that, for free versions before 1.16, TLS was not enabled by default on the database

To enable TLS, stop the Krestfield CertDog Service, then edit [CERTDOG INSTALL]\config\application.properties. At the top of the file, add ?tls=true to the end of the spring.data.mongodb.uri. For example, if you have:

spring.data.mongodb.uri=mongodb://certmanuser:1TPEwGJ2h1CBcoG0suUX@127.0.0.1/certman

Update so it looks like this:

spring.data.mongodb.uri=mongodb://certmanuser:1TPEwGJ2h1CBcoG0suUX@127.0.0.1/certman?tls=true


Next edit [CERTDOG INSTALL]\mongodb\bin\mongod.cfg adding the following to the net section:

tls:	
	mode: requireTLS
	certificateKeyFile: C:\certdog\mongodb\..\config\sslcerts\dbssl.pem
	allowConnectionsWithoutCertificates: true

E.g. if you have:

...
net:
   bindIp: 127.0.0.1
   port: 27017
setParameter:
   enableLocalhostAuthBypass: false
...   

It would become:

net:
   bindIp: 127.0.0.1
   port: 27017
   tls:
      mode: requireTLS
      certificateKeyFile: C:\certdog\mongodb\..\config\sslcerts\dbssl.pem
      allowConnectionsWithoutCertificates: true
setParameter:
   enableLocalhostAuthBypass: false

Ensuring that your path names are correct. E.g. in this example we use c:\certdog as the default installation. Update appropriately

Verify the server still starts and operates after these changes have been made


Backup

Open the services snapin and stop the following services:

  • Krestfield Cerdog Service
  • Krestfield Cerdog Database

Certdog Services

(To open the services snapin - click Start, type services and select the Services App)


Backup the current installation by copying the entire install folder. E.g. if the installation resides at c:\certdog copy (or zip up) the entire folder


Upgrade the database

Open a PowerShell window as administrator

Navigate to [CERT DOG INSTALL]\install e.g. C:\certdog\install and run:

.\upgrade-db.ps1

This script will ask for the database admin password


Note

The script is unaware of what updates have been made to the TLS certificates. It replaces them all with versions it knows will operate correctly.

If you have have made changes to your TLS certificates - server or database, they are copied to: .\certdog\config\sslcerts.bak[TIMESTAMP] e.g. .\certdog\config\sslcerts.bak.20260226-1012 and they must then be manually coped back to the .\sslcerts folder


Troubleshooting

If the script does not complete and you see an error such as

Database dump failed. Exiting.

Verify that the admin password for the database is correct

Verify that you meet the pre-requisites mentioned at the top of this page


The script outputs the following files (located in the .\certdog\install folder:

  • upgradedblog.txt

  • upgradedblog.out

Any errors during the process will be available in these files



If the script completes OK but the system is unavailable, check if the following services are running:

  • Krestfield Certdog Service

  • Krestfield CertDog Database

If these are not running. First attempt to start the Krestfield Certdog Database service. If this still won’t start perform the following:

Navigate to .\certdog\mongodb\bin and open mongod.cfg

...
net:
   bindIp: 127.0.0.1
   port: 27017
   tls:
        mode: requireTLS
        certificateKeyFile: C:\certdog\mongodb\..\config\sslcerts\dbssl.pem
        CAFile: C:\certdog\mongodb\..\config\sslcerts\dbssl_root.pem
        CAFile: C:\certdog\mongodb\..\config\sslcerts\dbssl_root.pem
		allowConnectionsWithoutCertificates: true
setParameter:
   enableLocalhostAuthBypass: false
replication:
   replSetName: replocal
security:
   authorization: "enabled"
   clusterAuthMode: x509
   clusterAuthMode: x509   

If you see any duplicate lines, remove the duplicates. For example, in this example, there are duplicates for CAFile:

        CAFile: C:\certdog\mongodb\..\config\sslcerts\dbssl_root.pem
        CAFile: C:\certdog\mongodb\..\config\sslcerts\dbssl_root.pem

and clusterAuthMode:

   clusterAuthMode: x509
   clusterAuthMode: x509  

So remove the duplicate items so there is only one CAFile:

        CAFile: C:\certdog\mongodb\..\config\sslcerts\dbssl_root.pem

and one clusterAuthMode:

   clusterAuthMode: x509

Do this for any other duplicates found.

Save the mongod.cfg file and attempt to restart the services in this order:

  1. Krestfield Certdog Service

  2. Krestfield CertDog Database




If the upgrade does fail and cannot be recovered, rollback the installation by stopping the services and re-instating the backed up files (as carried out in the Backup section above). Once restored, re-start the services